Lead Information Security Engineer

Date posted:

Department:

Information Technology

Location:

Long Island City (HQ) - Queens, NY

Description:

Responsible for guiding the Credit Union’s threat analytics, detection and response teams. Help ensure that threat indicators are reviewed and correlated to identify and respond to potential attacks. In the event of a verified incident, will ensure that forensics data is available, complete and reliable, and will help formulate an appropriate, effective and timely response plan. Maintain a good understanding of the threat landscape to ensure UNFCU is proactive in maintaining its security posture to protect the information assets of the organization.

Accountabilities:

• Develop UNFCU’s threat intelligence strategy, systems and partnerships. This includes (a) research, design and implementation of advanced threat detection, vulnerability management and security information and event management solutions (b) analysis intrusion detection, SIEM and other threat intelligence or forensics data to investigate and mitigate potential attacks (c) ongoing administration and maintenance of UNFCU threat management platforms (d) effective vendor/partner management, including monitoring partner adherence to SLA’s, managing support renewal processes and maintaining effective and professional communications with key suppliers/partners
• Additional responsibilities include:
o Lead or participate in organization wide security risk assessments.
o Create or review information policies, standards, procedures and other Information Security documents.
• Serve as a resource to the organization in the realm of information security for any and all projects to ensure the security, integrity and availability of the organization’s member, staff and corporate information.
• Interface with Information Technology (IT) staff and end-users regarding the development of security specifications.
• Consistently seek to identify and implement solutions, which result in increased security awareness for the entire organization.
• Advise and assist other departments and the PMO in performing vendor due diligence, creating requirements and evaluating solutions regarding their fitness for use
• Lead or contribute to process and/or system reviews and audits by examiners, management, regulatory agencies and other stakeholders as required.
• Maintain an understanding of all the systems, solutions, and technologies administered and implemented by the Credit Union for the purpose of information security. These systems and technologies include, but are not limited to firewalls, anti-malware platforms, DDoS and WAF solutions, network access control, secure remote access, IPS, SIEM, DLP, data encryption, vulnerability management, URL/Web Content Filtering, etc.
• Perform additional tasks as assigned by management.

Qualifications:

TYPE & AMOUNT OF EXPERIENCE:
• Bachelor’s degree in Information Technology or related field and 5 years experience in IT/Security, including SOC, IPS/IDS, APT, SIEM and systems/networking administration
• Experience must include the following:
o Independent management of Intrusion Detection/Prevention, Security Information and Event Management and advanced threat management platforms
o Administration of Tipping Point, Fireeye, ArcSight or Splunk solutions (preferred)
• Palo Alto Networks, Check Point and Cisco certifications a plus

TECHNICAL COMPETENCIES:
• Proven ability to independently conceptualize, design, deploy, and manage intrusion prevention, threat detection SIEM solutions
• Experience reviewing security events alerts and responding/blocking potential attacks (Security Operations Center)
• Thorough understanding of networking principles and protocols
• Strong understanding of industry trends and of layered/security in depth principles
• Awareness of accepted information security best practices and regulatory requirements

BEHAVIORAL COMPETENCIES:
• Ability to both lead and be an effective member of cross functional teams
• Proactive in researching emerging technologies, threat actors, vun and topics in Information Security field
• Ability to independently prioritize work and complete assignments with minimal oversight
• Active learner with ability to thrive in environment with an open sharing of ideas and a team first attitude in finding solutions to business problems
• Detail oriented and process focused
• Professional communication skills, both verbal and written
• Ability to manage relationships at all levels throughout the organization
• Able to multi-task in a fast paced environment
• Maintain professional appearance
• Willingness to work flexible hours

WORK ENVIRONMENT/CONDITIONS:
• Standard office conditions

In addition to any specific job requirements in connection with Bank Secrecy Act and/or OFAC (BSA), employee must (i) be aware of BSA matters commensurate with the position; (ii) report any suspicious activity to the manager or compliance department; and (iii) satisfactorily complete any required BSA training.